Senior Product Security Engineer

About the role :

• Promote secure-by-design architectures and implementations across all phases of our S-SDLC.
• Define product security standards, best practices, and processes with built-in governance and metrics.
• Develop new security capabilities, patterns and automation to integrate security throughout our development practices.
• Lead threat modeling sessions and secure code reviews (including of AI-based systems and products).
• Collaborate with cross-functional teams, including software engineering, platform engineering, QA, and operations.
• Accelerate security remediation through data analysis and support for product engineering teams.
• This central role will allow you to have maximum impact ensuring our products and applications meet the highest security standards to protect our customers.

About you :

• Bachelors degree in computer science or equivalent education experience.
• 5+ years of hands-on experience in software engineering or application security.
• Experience conducting security-focused threat modeling and code reviews across multiple technology stacks and programming languages.
• Experience with security tools (SAST, SCA, DAST, fuzzers a plus) and analyzing their findings.
• Proven analytical skills with ability to develop innovative solutions to complex security challenges.
• Both defensive and offensive mindset.
• Strong understanding of security principles (cryptography, authentication, authorization, etc) and common vulnerabilities applicable to applications (web, desktop or mobile), APIs and cloud environments.
• Ability to identify, analyze, and mitigate common security vulnerabilities at both design and implementation levels.
• Knowledge of software engineering principles with experience designing and implementing secure systems, aligned with secure by design and secure by default principles
• Proficiency in writing code, tests, deployment logic, and API integrations. Any language welcomed. Python, GoLang, Java preferred.
• Excellent written and verbal communication skills with ability to articulate complex security concepts to diverse and cross-functional audiences.

Preferred Qualifications

• Experience with a major cloud provider (AWS, Azure, Oracle Cloud or GCP).
• Experience with Infrastructure as Code (eg, CDK, Terraform, ).
• Experience securing or developing systems using Large Language Models, RAG, and AI Agents.
• Experience with common authentication and authorization standards (SAML and OAuth).
• Experience with containerized application and container orchestration (Kubernetes, ECS, ).
• Knowledge of industry security frameworks and maturity models such as OWASP Application Security Verification Standard, CIS Benchmarks, NIST Cybersecurity Framework, OWASP SAMM or BSIMM.
• Relevant security certifications (eg, OSCP, OSWE).
• Experience contributing to open-source security projects.
• Experience in security research, presenting at conferences, or publishing articles.